Closed Bug 1504691 Opened 2 years ago Closed 2 years ago

Certificates are not installed if they are placed inside %localappdata%

Categories

(Firefox :: Enterprise Policies, defect)

All
Windows
defect
Not set
normal

Tracking

()

VERIFIED FIXED
Firefox 65
Tracking Status
firefox-esr60 64+ verified
firefox63 --- unaffected
firefox64 --- verified
firefox65 --- verified

People

(Reporter: emilghitta, Assigned: mkaply)

References

Details

Attachments

(2 files)

Attached file policies.json
[Affected versions]:
Firefox 65.0a1 
Firefox 64.0b6 

[Affected platforms]:
Windows 10 64bit.

[Preconditions]:
1. Download the root certificate from http://www.cacert.org/index.php?id=3 and place it inside %USERNAME\AppData\Local\Mozilla\Certificates 
2. Place the attached json file inside the distribution folder.

[Steps to reproduce]:
1. Launch Firefox.
2. Access the about:preferences page.
3. Search for Root CA inside the Certificate Manager.

[Expected result]:
The certificate is successfully installed.

[Actual result]:
The certificate is not installed.

[Note]:
It seems that the certificates are successfully installed via policies.json if they are placed inside %USERNAME\AppData\Roaming\Mozilla\Certificates
Pushed by mozilla@kaply.com:
https://hg.mozilla.org/integration/autoland/rev/30bc16db58ab
Read certs from local and roaming on Windows. r=Felipe
https://hg.mozilla.org/mozilla-central/rev/30bc16db58ab
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 65
Assignee: nobody → mozilla
This issue is verified fixed using Firefox 65.0a1 (BuildId:20181111220121) on Windows 10 64bit.
Status: RESOLVED → VERIFIED
Does this need uplift to Beta?
Flags: needinfo?(mozilla)
Comment on attachment 9023721 [details]
Bug 1504691 - Read certs from local and roaming on Windows.

[Beta/Release Uplift Approval Request]

Feature/Bug causing the regression: Bug 1474683

User impact if declined: Can't import from certain locations,

Is this code covered by automated tests?: No

Has the fix been verified in Nightly?: Yes

Needs manual test from QE?: No

If yes, steps to reproduce: 

List of other uplifts needed: None

Risk to taking this patch: Low

Why is the change risky/not risky? (and alternatives if risky): Adds another path to list, very low risk.

String changes made/needed:
Flags: needinfo?(mozilla)
Attachment #9023721 - Flags: approval-mozilla-beta?
Comment on attachment 9023721 [details]
Bug 1504691 - Read certs from local and roaming on Windows.

policy engine tweak, verified in nightly; approved for 64.0b10
Attachment #9023721 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
This issue is verified fixed using Firefox 64.0b10 (BuildId:20181115150739) on Windows 10 64bit.
Comment on attachment 9023721 [details]
Bug 1504691 - Read certs from local and roaming on Windows.

[ESR Uplift Approval Request]

If this is not a sec:{high,crit} bug, please state case for ESR consideration: Followup fix to bug 1474683

User impact if declined: Certs import from the wrong location on Windows

Fix Landed on Version: 64

Risk to taking this patch: Low

Why is the change risky/not risky? (and alternatives if risky): Just adds directory to existing patch

String or UUID changes made by this patch:
Attachment #9023721 - Flags: approval-mozilla-esr60?
Comment on attachment 9023721 [details]
Bug 1504691 - Read certs from local and roaming on Windows.

Fix for policy issue, verified in nightly, let's uplift for ESR.
Attachment #9023721 - Flags: approval-mozilla-esr60? → approval-mozilla-esr60+
https://hg.mozilla.org/releases/mozilla-esr60/rev/6f64e970b7e97d84b36211377a4eb2f5ea112855

This was built locally on the ESR branch and tested.

Emil, can you test when landed?
This is verified fixed using Firefox 60.3.1esr (provided in comment 12) on Windows 10 64bit.
You need to log in before you can comment on or make changes to this bug.